Given that we know the partial structure of the members table, it seems like a plausible approach to attempt adding a new record to that table: if this works, we’ll simply be able to log in directly with our newly-inserted credentials.
This, not surprisingly, takes a bit more SQL, and we’ve wrapped it over several lines for ease of presentation, but our part is still one contiguous string:
SELECT email, passwd, login_id, full_name
  FROM members
 WHERE email = 'x';
        INSERT INTO members ('email','passwd','login_id','full_name')
        VALUES ('steve@unixwiz.net','hello','steve','Steve Friedl');--';
Even if we have actually gotten our field and table names right, several things could get in our way of a successful attack:
In the case at hand, we hit a roadblock on either #4 or #5 (we can’t really be sure), because when we went to the main login page and entered the above username + password, a server error was returned. This suggests that fields we did not populate were vital, but nevertheless not handled properly.
A possible approach here is attempting to guess the other fields, but this promises to be a long and laborious process: though we may be able to guess other “obvious” fields, it’s very hard to imagine the bigger-picture organization of this application.
We ended up going down a different road.
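The insert attempt above only has a chance because the application splices the email field into the SQL text and the backend runs the whole string as a batch. As an added example (not code from the original article), the Python below uses an in-memory SQLite table as a stand-in for members, with a constructed schema and row, to compare that pattern with a bound parameter; the function names are assumptions.

```python
import sqlite3

# The injected string from the text, as it would be typed into the email field.
PAYLOAD = ("x'; INSERT INTO members ('email','passwd','login_id','full_name') "
           "VALUES ('steve@unixwiz.net','hello','steve','Steve Friedl');--")

def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members "
                 "(email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)")
    conn.execute("INSERT INTO members VALUES "
                 "('bob@example.com', 'pw', 'bob', 'Bob Example')")
    conn.commit()
    return conn

def member_count(conn):
    return conn.execute("SELECT COUNT(*) FROM members").fetchone()[0]

def lookup_concatenated(conn, email):
    """Vulnerable pattern: input spliced into the SQL text and run as a batch."""
    sql = ("SELECT email, passwd, login_id, full_name FROM members "
           "WHERE email = '" + email + "';")
    conn.executescript(sql)  # executes every statement found in the string
    return member_count(conn)

def lookup_bound(conn, email):
    """Hardened pattern: fixed SQL text, input passed as a bound parameter."""
    rows = conn.execute(
        "SELECT email, passwd, login_id, full_name FROM members WHERE email = ?",
        (email,)).fetchall()
    return rows, member_count(conn)

def lookup_single_statement(conn, email):
    """Concatenation through a one-statement API: the stacked INSERT is refused,
    but the WHERE clause is still built from input, so binding remains the fix."""
    sql = "SELECT email FROM members WHERE email = '" + email + "';"
    try:
        conn.execute(sql)
        return "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return "rejected"

if __name__ == "__main__":
    print("concatenated batch:", lookup_concatenated(make_db(), PAYLOAD), "rows")
    print("bound parameter:   ", lookup_bound(make_db(), PAYLOAD))
    print("single statement:  ", lookup_single_statement(make_db(), PAYLOAD))
```

With the bound parameter the entire string is compared against the email column as data, so no row matches and the table keeps its single record.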